EPSS
Percentile
36.2%
The permission check for a file drop (upload only share) could be circumvented by using the shareinfo API. This allowed to see from the files in the filedrop but didn’t allow downloads.